<!-- The InProcess section pertains to components that run inside the web server. -->
<InProcess logger="@-PKGSYSCONFDIR-@/native.logger">
+ <SessionCache type="Remoted" cleanupInterval="900" cacheTimeout="900"/>
+
<!--
To customize behavior, map hostnames and path components to applicationId and other settings.
-->
points into to this section.
-->
<Applications id="default" policyId="default" entityID="https://sp.example.org/shibboleth"
- homeURL="https://sp.example.org/index.html">
+ homeURL="https://sp.example.org/index.html" REMOTE_USER="eppn persistent-id"
+ localLogout="@-PKGSYSCONFDIR-@/localLogout.html"
+ globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html">
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
disabled.
-->
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
- handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7">
+ handlerURL="/Shibboleth.sso" handlerSSL="false" exportLocation="/GetAssertion"
+ idpHistory="true" idpHistoryDays="7">
<!--
SessionInitiators handle session requests and relay them to a Discovery page,
<SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="idp.example.org"
relayState="cookie" entityID="https://idp.example.org/shibboleth">
<SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
- <SessionInitiator type="Shib1" defaultACSIndex="3"/>
+ <SessionInitiator type="Shib1" defaultACSIndex="4"/>
</SessionInitiator>
<!-- An example using an old-style WAYF, which means Shib 1 only unless an entityID is provided. -->
<SessionInitiator type="Chaining" Location="/WAYF" id="WAYF" relayState="cookie">
<SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
- <SessionInitiator type="Shib1" defaultACSIndex="3"/>
- <SessionInitiator type="WAYF" defaultACSIndex="3" URL="https://wayf.example.org/WAYF"/>
+ <SessionInitiator type="Shib1" defaultACSIndex="4"/>
+ <SessionInitiator type="WAYF" defaultACSIndex="4" URL="https://wayf.example.org/WAYF"/>
</SessionInitiator>
<!-- An example supporting the new-style of discovery service. -->
<SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
- <SessionInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
- <SessionInitiator type="Shib1" defaultACSIndex="3"/>
+ <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" defaultACSIndex="4"/>
<SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
</SessionInitiator>
-->
<md:AssertionConsumerService Location="/SAML2/POST" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
- <md:AssertionConsumerService Location="/SAML2/Artifact" index="2"
+ <md:AssertionConsumerService Location="/SAML2/POST-SimpleSign" index="2"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
+ <md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
- <md:AssertionConsumerService Location="/SAML/POST" index="3"
+ <md:AssertionConsumerService Location="/SAML/POST" index="4"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
- <md:AssertionConsumerService Location="/SAML/Artifact" index="4"
+ <md:AssertionConsumerService Location="/SAML/Artifact" index="5"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
+ <!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->
+ <LogoutInitiator type="Chaining" Location="/Logout">
+ <LogoutInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <LogoutInitiator type="Local"/>
+ </LogoutInitiator>
+
+ <!-- md:SingleLogoutService locations handle single logout (SLO) protocol messages. -->
+ <md:SingleLogoutService Location="/SLO/SOAP"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+ <md:SingleLogoutService Location="/SLO/Redirect" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
+ <md:SingleLogoutService Location="/SLO/POST" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+ <md:SingleLogoutService Location="/SLO/Artifact" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+
<!--
md:ArtifactResolutionService locations resolve artifacts issued when using the
SAML 2.0 HTTP-Artifact binding on outgoing messages, generally uses SOAP.
-->
- <md:ArtifactResolutionService Location="/SOAP/Artifact" index="1"
+ <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
</Sessions>
<!-- Configure handling of outgoing messages and SOAP authentication. -->
<DefaultRelyingParty authType="TLS" artifactEndpointIndex="1"
- signRequests="true" encryptRequests="true" signResponses="true" encryptResponses="true">
+ signRequests="front" encryptRequests="front" signResponses="true" encryptResponses="true">
<!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
<!--
<RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>
signedAssertions="false"
requireConfidentiality="true"
requireTransportAuth="true"
- chunkedEncoding="true"
+ chunkedEncoding="false"
connectTimeout="15" timeout="30"
>
<Rule type="SAML1Message"/>